Data On Civil Servants And PPP Allegedly Leaked, Cyber Expert Urges The Establishment Of PDP Agency

The view of the BreachForums leaked PNS and PPPK data (photo: account X @FalconFedsio)

JAKARTA - On Saturday, August 10, there was an alleged leak of 4,759,218 data on Civil Servants and Government Employees with Work Agreements (PPPK) on one of the illegal sites.

Found by cybersecurity provider company FalconFeds.io on X, the threat perpetrator admitted to getting the data from the data database of the Satu Data ASN (onedatasn.bkn.go.id) website, and selling it for 10,000 US dollars (Rp160 million).

The data includes full name, place of birth date, helar, date of CPNS, date of civil servant, NIP, Number of CPNS Decree, Number of Civil Servant Decree, class, position, agencies, address, identity number, cellphone number, email address, education, Department, and also year of graduation.

🚨 Data Breach Alert 🚨A threat actor claims to be selling a database from Satu Data ASN (https://t.co/dDJr9ku85N), containing the personal information of 4,759,218 Indonesian civil servants (PNS) and government employees with work agreements (PPPK) across all provinces.… pic.twitter.com/FxZ531wzqy

— FalconFeeds.io (@FalconFeedsio) August 10, 2024

🚨 Data Breach Alert 🚨A threat actor claims to be selling a database from Satu Data ASN (https://t.co/dDJr9ku85N), containing the personal information of 4,759,218 Indonesian civil servants (PNS) and government employees with work agreements (PPPK) across all provinces.… pic.twitter.com/FxZ531wzqy

Responding to this issue, the CISSReC Cyber Security Research Institute conducted random verification on 13 ASN whose names were listed in the data sample via WhatsApp.

In an official statement, CISSReC Chairman Pratama Persadha said the data was valid, although there were those who informed about the last digit writing error on the NIP & NIK field.

For this reason, Pratama emphasized that the government should immediately form a Personal Data Protection Agency, so that action can be taken and impose sanctions on PSEs who experience data leakage incidents.

"In addition, strict rules must be made, that PSEs that cannot maintain their systems must be subject to legal consequences, both public and private PSEs," added Pratama in his short message quoted on Sunday, August 11.

In addition, Pratama also said that it is time for all government ministries/agencies, be it the central and regional governments, to be required to conduct an assessment to the IT system they have as a whole.

"So you can see the security of the system itself such as hackers seeing the system from out there, so you can immediately find out the security holes that may be in the system and immediately close the security gap," he said.